Category FILE
Started On 2014-07-03 06:19:00
Completed On 2014-07-03 06:20:59
Duration 119 seconds
Cuckoo Version 1.2-dev

Machine machine4
Label xpmachine4
Manager VirtualBox
Started On 2014-07-03 06:19:01
Shutdown On 2014-07-03 06:20:58

File Details

File name order_id_467832647826378462387462837.exe
File size 122368 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
CRC32 DB4708C7
MD5 0565967f01fe0d84708739d5fe4f6344
SHA1 334f41a3182dd25993501cb4033c7797115d539e
SHA256 89ae44d8867b830f6bb8eccb8254e2d1508eaec932d132d9499a8c05d12a1200
SHA512 be6ff8baf05f26385509e1050195f103ffe3d84a5c1d6bb895a823188261e976a9d8a15d754101265ae60cd188c99cd248fd8e9c20a211298745168269c27a94
Ssdeep None
PEiD None matched
Yara None matched
VirusTotal Scan Date 2014-07-03 10:04:10
VirusTotal Detection Rate 2/51

Signatures

File has been identified by at least one AntiVirus on VirusTotal as malicious
Installs itself for autorun at Windows startup

Static Analysis

Version Infos

Sections

Imports

Strings

Dropped Files

Nothing to display.

Network Analysis

Hosts Involved

Behavior Summary

Files
  • C:\
Mutexes Nothing to display.
Registry Keys
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Disk\Enum
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall

Processes

order_id_467832647826378462387462837.exe PID: 972, Parent PID: 416

Volatility

Nothing to display.